This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About linusso
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About linusso
03-14-2016
9Posts
1Like
0Solutions
Mar 14, 2016Last Visited
User
Activity
User
Profile
Latest posts by linusso
| Subject | Views | Posted |
|---|---|---|
| 2090 | 07-17-2013 11:45 PM | |
| 2320 | 06-04-2013 07:22 PM | |
| 15515 | 05-22-2012 08:37 PM | |
| 3094 | 05-17-2012 07:35 PM | |
| 16027 | 05-14-2012 02:37 AM | |
| 2949 | 04-18-2012 07:16 PM | |
| 2838 | 04-18-2012 06:54 PM | |
| 3064 | 04-18-2012 03:28 AM | |
| 2987 | 04-18-2012 03:22 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 05-22-2012 08:37 PM |
User Badges
Community Statistics
| Member Since | 04-12-2012 01:37 AM |
| Date Last Visited | 03-14-2016 08:01 AM |
| Posts | 9 |
| Total Likes Received | 1 |
07-17-2013
11:45 PM
Just got update from TechWave, PDF file support is on roadmap
... View more
06-04-2013
07:22 PM
Hi all, Like other vendors in the market, I think WildFire should support fire types like images, pdf, documents (e.g. malicious excel file in RSA incident). Will PANW have road-map on this feature? Regards, L
... View more
05-22-2012
08:37 PM
1 Kudo
Hi Dez, Thanks for your answer. I understand the function of Internal Host Detection from admin guide. My problem is there is contradiction on GP configuration guide and troubleshooting guide. Anyway, I have opened a support case and now I can confirmed: 1. If SSO is selected, Internal Host Detection with be used (by reserve DNS lookup, resolve IP to hostname) 2. If On Demand mode is selected. GP client (start from 1.1.4) will always set its network type to 'External' and connect to external gateway. 3. From support team: " The statement in GP troubleshooting guide looks incorrect. I have escalated to verify this"
... View more
05-17-2012
07:35 PM
one year later, any update on the certificate process?
... View more
05-14-2012
02:37 AM
I am confused with GlobalProtect offical documents. From GlobalProtect troubleshooting guide: Internal Host Detection Internal Host Detection provides hints to GP client to determine quickly if the PC is inside or outside office. If it is not configured, GP client will always try to connect to each internal gateway first . If it fails to connect to any internal gateway or if there is no internal gateway defined, it will then attempt to connect to the best external gateway. Admin should try to set internal host detection as it speeds up the tunnel establishment. From Configuring GlobalProtect Tech Note: Internal Host Detection: This helps Client determine whether the host is inside or outside the corporate network and then connect to the corresponding Gateway. The DNS name specifies a hostname that only can be reached from internal network and its IP address. The Client performs a reverse lookup on the IP address and if it receives the expected hostname as a response, it will attempt connecting to the Gateways in the internal list. If no response is received that Client will attempt to connect to the external Gateways in the external list If no “internal-host-detection” configuration is provided, Client always connectes to the external Gateways. Anyone know which one is correct?
... View more
- Tags:
- globalprotect
- ssl-vpn
04-18-2012
07:16 PM
Yes, use external of proxy server with PAN is not a good design (at least user-id not working). However in this discussion, let focus on another feature - PAN work as proxy server. Check Point is quite smart to add HTTP/HTTPS proxy into the FW. As the FW can log/control by the Client IP/User and URL itself but not only by the X-Forward-For header provided by external proxy. Any timeline PAN will add this feature in the future?
... View more
04-18-2012
06:54 PM
Maybe I clarify the background first. Here is the summary, assume we have two sites: Site A - Able to access any web sites. Site B - Not able to access some web sites (mainly facebook, twitter, youtube), the meaning of NOT able is the WHOLE country users cannot access these web sites thanks to Great Firewall of China. Currently Site A is using Microsoft ISA as FW + Proxy. ISA is also using in SiteB as firewall. Site B users will configure Site A ISA IP as Forward-Proxy server manually when they want to access blocked site. -------------------------------------------------------------------------------------- We want to propose PAN to replace both ISA but we also have to take the problem of Great Firewall. Actually the reason we want to check if PBF work in our case is PAN cannot work as forward-proxy server, we cannot replace ISA in Site A. However I just found the latest version of Check Point FW can do this. So I think in this case, BGP magic simple doesn't work, right? Is there any workaround?
... View more
04-18-2012
03:28 AM
Any roadmap to add this feature? It is good selling point if End user want to replace their Proxy server originally use as URL filtering device. Check Point FW can act as Web proxy server in R75.40.
... View more
04-18-2012
03:22 AM
After research in KnowledgePoint, I understand application is not recommended to be used in PBF as single session will always be forwarded the same way. i.e. application shifts will not change the forwarding behavior. If we want to forward traffics from internal to specified url URL e.g. www.facebook.com to 2nd ISP, is it possible? Any simple way to fulfill this requirement? Can anyone confirm follow idea will work? 1. Create FQDN address object and use it as Destination address in PBF. Assumption: We collect ALL FQDNs when user access www.facebook.com Example: www.facebook.com facebook.com pixel.facebook.com profile.ak.fbcdn.net static.ak.fbcdn.net a8.sphotos.ak.fbcdn.net external.ak.fbcdn.net Problem: Too many FQDN objects for single site The FQDN initially resolves at commit time. Entries are subsequently refreshed when the DNS time-to-live expires (or is close to expiring). We cannot confirm if all IP addresses are recorded if DNS reply multiple IP for a FQDN
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
03-14-2016
08:01 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks